#!/bin/bash
clear

# ANSI colour escapes; they are expanded by `echo -e` when a message is printed.
RED="\033[31m"    # Error message
GREEN="\033[32m"  # Success message
YELLOW="\033[33m" # Warning message
BLUE="\033[36m"   # Info message
RESET='\033[0m'

# Everything below installs packages and rewrites firewall state, so stop
# early unless the effective UID is root. The message reads: "You do not
# have permission to run this script!"
if (( EUID != 0 )); then
  echo -e "${RED} Anda tiada kebenaran untuk menjalankan skrip ini! ${RESET}"
  exit 1
fi

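#######################################
# Install fail2ban and seed /etc/fail2ban/jail.local from the packaged
# jail.conf.
# Arguments: none
# Returns:   non-zero if the package install or the copy fails, else 0
#######################################
function fail2ban {
  local jail_conf=/etc/fail2ban/jail.conf
  local jail_local=/etc/fail2ban/jail.local

  # Without the package there is no jail.conf to copy, so stop here.
  apt-get -y -qq install fail2ban || return 1

  # An existing jail.local holds the administrator's overrides; re-running
  # this script must not silently replace it with the stock file.
  if [[ -e "$jail_local" ]]; then
    return 0
  fi

  # NOTE(review): nothing in this function enables or tunes a jail; which
  # jails are active depends on the packaged defaults. Confirm after install.
  cp -- "$jail_conf" "$jail_local"
}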

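#######################################
# Download jgmdev/ddos-deflate, run its installer and enable the `ddos`
# service.
# Arguments: none
# Returns:   non-zero if the download, extraction or installer fails
#######################################
function ddosdeflate {
  local archive=/root/ddos.zip
  local src_dir=/root/ddos-deflate-master

  # unzip is added to the list because the extraction step below needs it.
  apt-get -y -qq install dnsutils net-tools tcpdump dsniff grepcidr unzip

  # NOTE(review): this fetches the moving tip of the master branch with no
  # pinning and no integrity check, and its install.sh then runs as root.
  # Prefer an archive for a reviewed tag or commit (<PINNED_REF>) and compare
  # its SHA-256 with a recorded value (<EXPECTED_SHA256>) before extracting.
  if ! wget -q https://github.com/jgmdev/ddos-deflate/archive/master.zip -O "$archive"; then
    printf 'ddosdeflate: download failed\n' >&2
    rm -f -- "$archive"
    return 1
  fi

  # Extract into /root explicitly; a bare `unzip` unpacks into whatever
  # directory the script was started from. -o avoids an interactive prompt
  # when the tree already exists from an earlier run.
  if ! unzip -q -o "$archive" -d /root; then
    printf 'ddosdeflate: extraction failed\n' >&2
    rm -f -- "$archive"
    return 1
  fi
  rm -f -- "$archive"

  # Run the installer only if the cd succeeded. Otherwise ./install.sh would
  # resolve against the caller's working directory and run an unrelated file
  # as root. The subshell keeps the caller's working directory unchanged.
  if ! (cd "$src_dir" && ./install.sh); then
    printf 'ddosdeflate: installer did not run successfully\n' >&2
    return 1
  fi

  systemctl enable ddos
  systemctl start ddos
}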

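#######################################
# Install iptables-persistent, load the VPN forwarding/NAT rules and the
# BitTorrent string filters, then persist the resulting ruleset.
# Arguments: none
# Returns:   exit status of the final `netfilter-persistent reload`
#######################################
function iptables {
  local pattern
  local -a torrent_patterns=(
    "BitTorrent"
    "BitTorrent protocol"
    "peer_id="
    ".torrent"
    "announce.php?passkey="
    "torrent"
    "announce"
    "info_hash"
    "get_peers"
    "find_node"
  )

  DEBIAN_FRONTEND=noninteractive apt-get -y -qq install iptables-persistent

  # This function has the same name as the iptables binary, so a bare
  # `iptables ...` in here would call the function again and recurse without
  # end. `command` bypasses functions and runs the real program.

  # NOTE(review): every policy is ACCEPT and the INPUT rule below accepts all
  # NEW and ESTABLISHED traffic, so the filter table restricts nothing; any
  # DROP rule that ends up below that rule in INPUT is never reached for such
  # packets. Confirm this open posture is intended for the host.
  command iptables -P INPUT ACCEPT
  command iptables -P FORWARD ACCEPT
  command iptables -P OUTPUT ACCEPT
  command iptables -I INPUT -i lo -j ACCEPT
  # OUTPUT has no inbound interface; iptables rejects -i there, so match the
  # loopback device with -o.
  command iptables -I OUTPUT -o lo -j ACCEPT
  command iptables -I INPUT -p all -m state --state NEW,ESTABLISHED -j ACCEPT

  # Forwarding and source NAT for the two tunnel subnets.
  # NOTE(review): "wg" and "eth0" are hard-coded interface names; verify they
  # match the devices on the target host.
  command iptables -A FORWARD -i tun0 -j ACCEPT
  command iptables -A FORWARD -i wg -j ACCEPT
  # command iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
  command iptables -t nat -A POSTROUTING -o eth0 -s 10.1.0.0/24 -j MASQUERADE
  command iptables -t nat -A POSTROUTING -o eth0 -s 10.2.0.0/24 -j MASQUERADE

  # Drop packets whose payload contains a BitTorrent-related string.
  # NOTE(review): these rules sit in mangle/INPUT, which only sees packets
  # addressed to this host; traffic forwarded for tunnel clients goes through
  # FORWARD instead. Generic strings such as "torrent" and "announce" also
  # match unrelated plaintext traffic, and encrypted payloads never match.
  for pattern in "${torrent_patterns[@]}"; do
    command iptables -t mangle -A INPUT -m string --string "$pattern" \
      --algo bm --to 65535 -j DROP
  done

  # NOTE(review): -A/-I add duplicates when the script is run again; the saved
  # ruleset grows on each run.
  iptables-save >/etc/iptables/firewall.rules
  # -t only parses the saved file as a syntax check; it does not load it.
  iptables-restore -t </etc/iptables/firewall.rules
  netfilter-persistent save
  netfilter-persistent reload
}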

#######################################
# Run the three setup steps in order: fail2ban, ddos-deflate, firewall.
# A failing step does not stop the ones after it. From this point on the
# function also shadows the external `install` command inside this script.
# Arguments: none
# Returns:   exit status of the last step
#######################################
function install {
  local step
  for step in fail2ban ddosdeflate iptables; do
    "$step"
  done
}

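# Run all setup steps and report the outcome. The success text used to name
# dropbear, which this script never installs; it now lists what was set up
# ("Installation of fail2ban, ddos-deflate and iptables is complete").
# install's status is that of its last step only, so a success message does
# not prove the earlier steps worked.
if install; then
  echo
  echo -e "${GREEN} Pemasangan fail2ban, ddos-deflate dan iptables telah selesai. ${RESET}"
  echo
else
  echo
  # "Installation failed."
  echo -e "${RED} Pemasangan gagal. ${RESET}"
  echo
  exit 1
fi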
